Results 1 to 5 of 5

Thread: Internet browser infected with "SelectionLinks".

  1. #1
    Junior Member
    Join Date
    Mar 2013
    Posts
    4

    Default

    DDS, attach.txt and aswMBR Log are at the end of post.

    Hi,

    My internet browser (Google Chrome) has been infected with an extension called "SelectionLinks". It displays pop-up ads upon clicking links to other webpages and sometimes makes pieces of text on webpages turn to a link to an ad page of some kind. The ads look like they are things related to things I have searched for or looked at online so I assume that this is some sort of spyware. The enable/disable button in my extension settings in Chrome has been removed for "SelectionLinks", so I can't just disable it. I tried to uninstall it the old fashioned way by going into my Control Panel and selected the "Uninstall a program" button, but there wasn't anything called "SelectionLinks" or anything like that to be uninstalled. I ran a scan on my computer with both Spybot and MalwareBytes. Spybot caught a lot of "pup" files which I told it to remove and it did successfully, but "SelectionLinks" is still on my browser. I ran a MalwareBytes scan and it found a few things that I removed successfully, but "SelectionLinks" is still appearing in my browser's extension listings. I have found several removal tutorials for this thing in other forums that I have tried. One of which suggested removing certain files from my registry. I went into my registry to look for these files only to find that they didn't exist. I just ran another scan in Spybot and MalwareBytes just now and it came up with nothing. Also, I have Windows 7 if that helps anything. I have tried everything to try to remove this thing. Please help!

    -Thank you

    --------
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
    Run by Amanda at 21:35:49 on 2013-03-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3229 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Users\Amanda\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Steam\steam.exe
    C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\ProgramData\Search Protection\SearchProtection.exe
    C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=902ABE758E3EE6AB544BB5514A85E36C
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO: SelectionLinks: {7365A975-D1E8-41ed-8C66-FA70EDB97A39} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Amanda\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN2332G0R205RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0AA933CD-4D8C-47B5-A3A0-6A6ECDD3E8CD} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{0AA933CD-4D8C-47B5-A3A0-6A6ECDD3E8CD}\841677B696E676F5330303E4F554874756E6465627 : DHCPNameServer = 68.87.76.182 68.87.78.134
    TCP: Interfaces\{74B1FCF8-62D8-4526-B6B2-E02EDD4802A2} : DHCPNameServer = 172.168.51.52
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-3-20 14456]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-1-9 89600]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Amanda\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-3-17 107520]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-4-25 31000]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-8 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-15 2413056]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-22 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-22 682344]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-3-19 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-8 2656280]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-6-14 1098296]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-8 317440]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-22 24176]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-1-1 91648]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-1-1 208896]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-8 338536]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-8 428136]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-5-17 42392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-2-11 572928]
    S2 WajamUpdater;WajamUpdater;"C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" --> C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [?]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" --> C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [?]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe --> C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-03-25 01:58:00 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
    2013-03-25 01:57:16 -------- d-----w- C:\ProgramData\FUJIFILM
    2013-03-25 01:56:50 -------- d-----w- C:\Program Files (x86)\FUJIFILM
    2013-03-24 05:36:46 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4520E4FA-5080-4678-879B-B91A95D0DD2F}\mpengine.dll
    2013-03-23 00:18:12 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-03-22 08:49:23 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Malwarebytes
    2013-03-22 08:49:10 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-03-22 08:49:09 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-22 08:49:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-22 08:48:54 -------- d-----w- C:\Users\Amanda\AppData\Local\Programs
    2013-03-21 10:44:23 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{906308A7-FBD0-4D6F-B562-F0A9EA1B41D5}\gapaengine.dll
    2013-03-21 04:01:21 -------- d-----w- C:\Users\Amanda\AppData\Roaming\LavasoftStatistics
    2013-03-21 04:01:00 -------- d-----w- C:\ProgramData\Search Protection
    2013-03-21 04:00:58 -------- d-----w- C:\Users\Amanda\AppData\Local\adawarebp
    2013-03-21 04:00:58 -------- d-----w- C:\ProgramData\blekko toolbars
    2013-03-21 04:00:58 -------- d-----w- C:\ProgramData\adawaretb
    2013-03-21 04:00:56 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2013-03-21 04:00:43 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2013-03-21 04:00:26 -------- d-----w- C:\Program Files (x86)\adawaretb
    2013-03-21 03:59:41 47496 ----a-w- C:\Windows\System32\sbbd.exe
    2013-03-21 03:59:41 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
    2013-03-21 03:59:39 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Ad-Aware Antivirus
    2013-03-20 04:15:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-03-20 04:15:13 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2013-03-18 02:03:54 -------- d-----w- C:\Program Files (x86)\Power Tab Software
    2013-03-18 01:49:16 -------- d-----w- C:\Program Files (x86)\DefaultTab
    2013-03-18 01:49:09 -------- d-----w- C:\Users\Amanda\AppData\Roaming\DefaultTab
    2013-03-18 01:49:04 -------- d-----w- C:\Users\Amanda\AppData\Local\SwvUpdater
    2013-03-16 10:13:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-03-15 08:54:01 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2013-03-11 06:48:20 -------- d-----w- C:\Users\Amanda\AppData\Local\ElevatedDiagnostics
    2013-03-11 06:13:48 327168 ----a-w- C:\Windows\IsUninst.exe
    2013-03-11 04:37:26 -------- d-----w- C:\Program Files (x86)\Tomb Raider 4 - The Times Exclusive
    2013-03-11 03:08:21 -------- d--h--w- C:\Windows\PIF
    2013-03-09 07:55:31 -------- d-----w- C:\Program Files\iPod
    2013-03-09 07:55:30 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-03-09 07:55:30 -------- d-----w- C:\Program Files\iTunes
    2013-03-09 07:55:30 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-03-08 05:29:12 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ==================== Find3M ====================
    .
    2013-03-14 02:09:42 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-14 02:09:42 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-08 05:29:04 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-03-08 05:29:04 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-20 23:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2013-01-20 23:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ============= FINISH: 21:36:02.21 ===============



    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-24 21:37:27
    -----------------------------
    21:37:27.038 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:37:27.038 Number of processors: 4 586 0x2A07
    21:37:27.039 ComputerName: AMANDA-HP UserName: Amanda
    21:37:29.116 Initialize success
    21:37:38.273 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:37:38.277 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
    21:37:38.394 Disk 0 MBR read successfully
    21:37:38.399 Disk 0 MBR scan
    21:37:38.405 Disk 0 Windows 7 default MBR code
    21:37:38.414 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    21:37:38.432 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 592892 MB offset 409600
    21:37:38.464 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17284 MB offset 1214652416
    21:37:38.485 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
    21:37:38.545 Disk 0 scanning C:\Windows\system32\drivers
    21:37:45.548 Service scanning
    21:38:04.647 Modules scanning
    21:38:04.665 Disk 0 trace - called modules:
    21:38:04.684 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
    21:38:05.027 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064eb060]
    21:38:05.040 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800634ab10]
    21:38:05.052 5 hpdskflt.sys[fffff88001a98189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006245050]
    21:38:05.065 Scan finished successfully
    21:39:53.841 Disk 0 MBR has been saved successfully to "C:\Users\Amanda\Desktop\MBR.dat"
    21:39:53.848 The log file has been saved successfully to "C:\Users\Amanda\Desktop\aswMBR.txt"

    An update:

    I think I finally managed to locate at least one of the files for "SelectionLinks" in my registry. It's not for Chrome, but it may help somewhat...I found the file by looking at my diagnostic reports that I ran on my computer myself to find a thing titled "SelectionLinks" under the "Pseudo HJT Report" with a registry number next to it. I searched for it in the registry and found it here:

    The file is in the registry is under "Microsoft", then "Internet Explorer", then "Approved Extensions" and is a "REG_BINARY" type file titled "{7365A975-D1E8-41ed-8C66-FA70EDB97A39}".

    It won't let me delete it though and gives me this error message:
    "Unable to delete all specified values."

    Any help would be greatly appreciated.
    Last edited by tashi; 2013-03-28 at 06:47. Reason: Merged two posts as per forum sticky. ;-)

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please post fresh DDS logs.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Mar 2013
    Posts
    4

    Default

    Fresh DDS log:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
    Run by Amanda at 16:21:54 on 2013-03-30
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3566 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
    C:\Users\Amanda\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\FUJIFILM\MyFinePix Studio\dd.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\ProgramData\Search Protection\SearchProtection.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=902ABE758E3EE6AB544BB5514A85E36C
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO: {7365A975-D1E8-41ed-8C66-FA70EDB97A39} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Amanda\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN2332G0R205RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Device Detection] C:\Program Files (x86)\FUJIFILM\MyFinePix Studio\dd.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0AA933CD-4D8C-47B5-A3A0-6A6ECDD3E8CD} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{0AA933CD-4D8C-47B5-A3A0-6A6ECDD3E8CD}\841677B696E676F5330303E4F554874756E6465627 : DHCPNameServer = 68.87.76.182 68.87.78.134
    TCP: Interfaces\{74B1FCF8-62D8-4526-B6B2-E02EDD4802A2} : DHCPNameServer = 172.168.51.52
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-3-20 14456]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-1-9 89600]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-2-11 572928]
    R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Amanda\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-3-17 107520]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-4-25 31000]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-8 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-15 2413056]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-22 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-22 682344]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-3-19 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-8 2656280]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-6-14 1098296]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-8 317440]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-22 24176]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-1-1 91648]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-1-1 208896]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-8 338536]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-8 428136]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-5-17 42392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 WajamUpdater;WajamUpdater;"C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" --> C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [?]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" --> C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [?]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe --> C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-03-30 02:57:35 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E02E1CD-4AB8-423C-BD7A-42002A3E7299}\mpengine.dll
    2013-03-29 01:04:17 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-03-29 00:58:48 -------- d-----w- C:\Users\Amanda\AppData\Local\FUJIFILM
    2013-03-25 01:58:00 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
    2013-03-25 01:57:16 -------- d-----w- C:\ProgramData\FUJIFILM
    2013-03-25 01:56:50 -------- d-----w- C:\Program Files (x86)\FUJIFILM
    2013-03-23 00:12:06 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-03-22 08:49:23 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Malwarebytes
    2013-03-22 08:49:10 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-03-22 08:49:09 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-22 08:49:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-22 08:48:54 -------- d-----w- C:\Users\Amanda\AppData\Local\Programs
    2013-03-21 10:44:23 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{906308A7-FBD0-4D6F-B562-F0A9EA1B41D5}\gapaengine.dll
    2013-03-21 04:01:21 -------- d-----w- C:\Users\Amanda\AppData\Roaming\LavasoftStatistics
    2013-03-21 04:01:00 -------- d-----w- C:\ProgramData\Search Protection
    2013-03-21 04:00:58 -------- d-----w- C:\Users\Amanda\AppData\Local\adawarebp
    2013-03-21 04:00:58 -------- d-----w- C:\ProgramData\blekko toolbars
    2013-03-21 04:00:58 -------- d-----w- C:\ProgramData\adawaretb
    2013-03-21 04:00:56 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2013-03-21 04:00:43 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2013-03-21 04:00:26 -------- d-----w- C:\Program Files (x86)\adawaretb
    2013-03-21 03:59:41 47496 ----a-w- C:\Windows\System32\sbbd.exe
    2013-03-21 03:59:41 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
    2013-03-21 03:59:39 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Ad-Aware Antivirus
    2013-03-20 04:15:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-03-20 04:15:13 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2013-03-18 02:03:54 -------- d-----w- C:\Program Files (x86)\Power Tab Software
    2013-03-18 01:49:16 -------- d-----w- C:\Program Files (x86)\DefaultTab
    2013-03-18 01:49:09 -------- d-----w- C:\Users\Amanda\AppData\Roaming\DefaultTab
    2013-03-18 01:49:04 -------- d-----w- C:\Users\Amanda\AppData\Local\SwvUpdater
    2013-03-16 10:13:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-03-15 08:54:01 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2013-03-11 06:48:20 -------- d-----w- C:\Users\Amanda\AppData\Local\ElevatedDiagnostics
    2013-03-11 06:13:48 327168 ----a-w- C:\Windows\IsUninst.exe
    2013-03-11 04:37:26 -------- d-----w- C:\Program Files (x86)\Tomb Raider 4 - The Times Exclusive
    2013-03-11 03:08:21 -------- d--h--w- C:\Windows\PIF
    2013-03-09 07:55:31 -------- d-----w- C:\Program Files\iPod
    2013-03-09 07:55:30 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-03-09 07:55:30 -------- d-----w- C:\Program Files\iTunes
    2013-03-09 07:55:30 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-03-08 05:29:12 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ==================== Find3M ====================
    .
    2013-03-14 02:09:42 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-14 02:09:42 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-08 05:29:04 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-03-08 05:29:04 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-20 23:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2013-01-20 23:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ============= FINISH: 16:22:59.41 ===============
    Last edited by tashi; 2013-05-21 at 21:10. Reason: Date of archive. Thank you Blade81. :-)

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    What's the status here?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •